Moby Race Condition vulnerability
High severity
GitHub Reviewed
Published
Nov 29, 2024
to the GitHub Advisory Database
•
Updated Dec 4, 2024
Package
Affected versions
< 26.0.0
Patched versions
26.0.0
Description
Published by the National Vulnerability Database
Nov 29, 2024
Published to the GitHub Advisory Database
Nov 29, 2024
Reviewed
Dec 2, 2024
Last updated
Dec 4, 2024
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion.
References